ID CVE-2009-3006
Summary Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
References
Vulnerable Configurations
  • cpe:2.3:a:maxthon:maxthon_browser:2.5.3.80:*:*:*:*:*:*:*
    cpe:2.3:a:maxthon:maxthon_browser:2.5.3.80:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 19-09-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
oval via4
accepted 2010-01-04T04:01:46.519-05:00
class vulnerability
contributors
name Sharath S
organization SecPod Technologies
definition_extensions
comment Maxthon Browser is installed
oval oval:org.mitre.oval:def:6262
description Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
family windows
id oval:org.mitre.oval:def:6437
status accepted
submitted 2009-11-23T10:27:31.430-04:00
title Maxthon Browser Address Bar Spoofing Vulnerability
version 18
refmap via4
misc http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html
xf maxthon-windowopen-spoofing(53009)
Last major update 19-09-2017 - 01:29
Published 28-08-2009 - 15:30
Back to Top